F/6  5/11 


AD-Atl6  670 
UNCLASSIFIED 


RAND  CORP  SANTA  MONICA  CA 
A  TAXONOMY  FOR  PRIVACY* (U) 

NOV  61  M  H  MARE 
RANO/P>6706  NL 


A  TAXONOMY  FOR  PRIVACY 


Willis  H.  Ware 


November  1981 


t 


A  TAXONOMY  FOR  PRIVACY* 

The  invitation  to  present  this  paper  suggested  that  it  might  seek 
to  organize  privacy  concerns  in  some  overall  framework.  How  can  the 
many  dimensions  of  privacy  be  all  put  together?  How  can  the  various 
perspectives  on  privacy  be  harmonized?  Can  a  focus  be  provided  to  give 
some  guidance  to  the  legal  and  judicial  systems  of  the  country?  Behind 
these  questions  is  the  observation  that  the  legal,  judicial,  and 
legislative  communities  --  as  influenced  by  moral  and  ethical  views  -- 
are  dealing  with  privacy  issues  one  by  one  as  they  arise.  So  to  speak, 
the  issues  are  dealt  with  disjolntly  and  in  the  small  rather  than  in  the 
large.  There  seems  to  be  no  cohesion  presently  across  the  fabric  of 


privacy. 


■aV. 


A  suitable  framework  must  not  only  accommodate  the  forward  march  of 
technology,  but  it  also  must  embrace  such  privacy  law  as  has  already 
been  created;  and  it  must  provide  a  mechanism  for  the  moral  and  ethical 
views  of  society  to  play  their  part.  One  might  try  to  approach  the  task 
by  imagining  the  privacy  consequences  for  each  new  application  of  new 
technologies.  However,  one  cannot  be  sure  that  a  comprehensive  catalog 
would  ensue;  and  anyway  it  would  all  be  speculation  about  things  that 
are  possible  in  principle  but  might  never  happen.  It  is  altogether  too 
easy  to  construct  scenarios  based  on  technological  possibilities,  but 
altogether  too  difficult  to  predict  whether  such  events  will  ever  occur 


^Presented  at  the  National  Symposium  on  Personal  Privacy  and 
Information  Technology,  sponsored  by  the  American  Bar  Association 
and  AFIPS,  at  Amelia  Island  Plantation,  Florida,  October  4-7,  1981. 


"or  j 

on — 

er 

□ 

□ 

•/ _ 

y  Codes 
•  A  and/or 
Special 


-2- 


The  discussion  here  will  attempt  a  pragmatic  look  at  the  broad  sweep  of 
privacy  and  is  oriented  toward  providing  the  legal  and  judicial 
communities  a  way  to  look  at  privacy  litigation,  and  possibly  also  a  way 
for  the  legislative  community  to  think  about  new  law. 

It  has  been  suggested  that  the  proper  issue  to  focus  on  is  the  mere 
existence  of  technology  rather  than  its  use.  However,  even  though  the 
purveyors  of  contemporary  technology  might  content  themselves  with 
marketing  just  products  rather  than  services,  privacy  consequences  will 
Inevitably  arise  as  the  uses  of  such  products  spread.  Existence  of 
technology  will  iinavoldably  breed  some  uses  that  are  undesirable  in  some 
way.  Furthermore,  the  world,  its  population,  and  its  institutions  must 
collectively  struggle  to  become  more  efficient,  to  conserve  resources, 
to  exist  and  grow,  and  to  establish  more  equitable  societies.  Thus, 
although  such  products  as  hand  calculators,  personal  computers,  various 
cable  services,  wired  cities,  and  on-line  data  bases  can  --  in  some 
scenarios  --  create  privacy  consequences  in  principle,  they  do  not 
automatically  give  rise  to  privacy  difficulties  in  fact  and  may  never, 
depending  on  details  of  the  utilization.  In  many  circumstances  economic 
aspects  will  be  the  principal  driver;  although  in  some,  innovative 
applications  by  imaginative  people  can  also  stimulate  problems. 

Any  discussion  of  technology  will  always  point  out  its  rapid 
progress  and  the  profound  effect  it  is  likely  to  have  on  society, 
especially  when  the  technology  in  point  is  related  in  some  way  to 
information  or  data.  Without  question  such  advances  will  haVe  a 
profound  effect;  the  only  thing  one  can  argue  about  is  the  time  scale 


over  which  it  will  occur.  Will  it  be  25,  10,  or  only  5  years  before 


-3- 


things  now  readily  possible  in  principle  will  become  real?  Why  though 
is  the  certainty  of  the  effect  so  evident? 

First,  information  —  which  is  a  more  comprehensive  term  than 
data  —  is  the  essence  of  purposeful  behavior  for  every  element  of 
society.  Information  is  an  essential  ingredient  behind  the  behavior  of 
organizations,  in  the  functioning  of  physical  mechanisms,  and  indeed  in 
the  basic  biological  structure  of  individuals  and  other  life  forms. 

Along  with  energy,  information  is  the  basis  for  the  physical  universe  as 
we  know  it,  for  everything  we  appreciate  about  it,  and  for  the  behavior 
of  society  and  its  institutions. 

Second,  modern  communication  technology  is  the  transportation 
mechanism  that  moves  information  from  place  to  place  and  allows  us  to 
deliver  it  wherever  wanted.  In  addition,  modern  digital  computer 
technology  allows  us  to  manipulate  information  in  very  general  ways,  and 
it  is  Important  to  note  that  digital  computer  technology  is  the  only 
thing  that  mankind  has  which  can  process  information  faster  than  the 
human  head.  Thus,  together  the  two  technologies  allow  us  to  do  pretty 
much  anything  we  wish  with  information;  and  to  the  extent  that  we  do  not 
yet  know  how  to  do  some  things,  it  is  a  matter  of  not  yet  intellectually 
understanding  enough  about  the  information  processes  in  them.  There  is 
no  basic  lack  of  technology  in  the  way  for  the  most  part. 

Thus,  the  blend  of  communication  and  computer  technology  —  what 
they  jointly  make  possible  —  plus  the  universality  of  information  as  an 
element  of  nature,  explains  why  technology  is  so  central  as  an  issue  of 
concern  to  society  at  large,  especially  for  privacy  consequences,  and 
why  the  impact  of  the  two  is  so  certain.  Furthermore,  the  same  facts 


-4- 


explain  why  the  world  has  made  an  irrevocable  commitment  to  computer  and 
communications  technology.  The  days  in  which  affairs  could  be  conducted 
by  paper  and  pencil  under  green  eyeshades  are  forever  gone;  there  is  no 
way  for  the  world  to  retreat  from  its  commitment.  Therefore,  we  as 
society  must  deal  with  the  consequences,  one  of  which  is  privacy  in  one 
of  its  forms. 

As  the  dialogue  about  Informational  privacy  developed,  one 
sometimes  heard  the  view  expressed  that  "l  have  nothing  to  hide;  anyone 
is  welcome  to  know  anything  about  me."  The  opposite  view  is  that  "No 
one  has  an  intrinsic  right  to  know  anything  about  me  except  for  reason." 
It  is  to  be  observed  that  society  generally  does  not  publish  vast 
encyclopedias  concerning  all  there  is  to  know  about  everyone;  one  must 
therefore  conclude  that  the  "let  it  all  hang  out"  philosophy  does  not 
really  prevail.  On  the  contrary,  society  generally  controls  access  to 
information  by  many  means,  although  it  sometimes  grants  blanket  access 
to  some  subset  of  society;  for  example,  all  physicians  can  access 
medical  records,  or  the  IRS  as  an  organization  has  all  tax  information 
although  within  IRS  access  is  controlled  by  job  position.  One  must 
conclude  that  a  basic  axiom  of  informational  or  recordkeeping  privacy 
is:  "You  may  not  know  something  about  me  without  a  justified  (to  me),  or 
socially  accepted,  or  legally  sanctioned  need-to-know . " 

Looked  at  that  way,  one  could  in  principle  reduce  all  of 
recordkeeping  privacy  to  defining  need-to-know  for  a  category  of 
Information,  plus  establishing  the  authority  under  which  the  need-to- 
know  fiinctlons.  Such  an  approach  is  at  best  a  way  to  deal  with  privacy 
when  we  recognize  its  presence,  but  it  is  not  a  very  broad-gauge  one. 


-5- 


The  "privacy  pie"  includes  not  only  fair  information  policy,  which  is 
the  way  contemporary  law  approaches  recordkeeping  privacy,  but  it  also 
includes  aspects  of  social  discrimination,  aspects  of  national 
vulnerability,  plus  a  broad  collection  of  personal  dimensions  including 
physical  proximity,  surveillance  of  motion,  risk  of  property,  and 
others . 

Philosophically,  awkward  moral  and  ethical  issues  arise  when  one 
seeks  to  define  privacy,  in  part  because  the  very  word  "privacy" 
connotes  such  diverse  things  to  individuals.  From  a  social  point  of 
view  one  might  try  to  frame  a  broad  construct  for  privacy  in  terms  of 
equity  by  using  the  notions  of  equality  of  opportunity  for  individuals 
or  arbitrary  imposition  of  disadvantage  on  individuals.  It  would  seem, 
however,  that  some  very  special  connotation  for  "opportunity"  or 
"disadvantage"  would  be  necessary  to  develop  such  a  theme,  and 
consequently  it  seems  not  a  satisfactory  direction.  While  it  is 
desirable  in  the  ultimate  to  have  a  good  definition  of  privacy  to  keep 
its  philosophical  basis  tidy,  a  more  pressing  concern  is  how  to  identify 
and  define  actionable  aspects  of  privacy  for  the  guidance  of  legislative 
and  judicial  affairs. 

We  --  used  as  a  collective  pronoiin  --  do  not  really  know  what 
privacy  is  in  a  comprehensive  way,  but  any  Individual  certainly  believes 
that  he  knows  it  when  he  sees  It.  What  is  needed  is  a  framework  for 
recognizing  a  privacy  Infraction  and  deciding  what  to  do  about  it  when 
it  occurs.  So  let  us  consider  approaching  the  matter  in  reverse,  so  to 
speak.  Rather  than  trying  to  define  "privacy,"  define  instead  "invasion 
of  privacy"  and  develop  an  overall  construct  from  that  point  of  view. 


Consider  the  notion  of  "space"  --  not  in  the  context  of 


extraterrestrial  void,  but  rather  in  the  context  of  personal  surround. 
Intuitively,  one  knows  what  is  meant  by  the  term  because  it  has  been 
used  frequently  in  contemporary  psychological  discussions.  To 
illustrate,  one's  visual  space  is  what  is  accessible  to  his  eyes;  one's 
aural  space,  what  his  ears  catch.  One's  physical  space  is  a  cocoon  of 
certain  dimensions  aroiuid  a  person;  and  psychological  space,  while  more 
abstract  and  harder  to  define,  has  something  to  do  with  behavioral  or 
perceptual  things.  Even  more  abstract  is  the  notion  of  informational  or 
recordkeeping  space,  but  one's  imagination  can  see  a  volume  that 
includes  all  the  records  that  concern  one's  life. 

If  one  envisions  a  "space"  --  whatever  kind  it  is  -•  as  a  physical 
volume,  then  one  can  also  envision  an  intrusion  or  entry  into  such  a 
space.  If  there  are  negative  or  undesirable  consequences  of  such  an 
intrusion,  they  can  be  cataloged  and  separated  into  annoyances,  those 
that  constitute  harm,  and  those  that  should  be  overlooked  or  ignored. 

The  total  effect  of  the  harmful  ones  will  constitute  the  definition  of 
what  "hurt"  or  "injury"  or  "damage"  means  for  the  space  in  question.  In 
turn  one  can  then  decide  how  to  legally  deal  with  each  space  and  its 
intrusions,  and  further  discover  where  legislative  actions  or  judicial 
Insights  are  needed. 

Try  some  examples  to  validate  the  construct.  First  consider  ones 
that  might  be  called  sensory  spaces;  the  most  obvious  is  visual  space. 

It  Includes  what  the  eyes  see,  and  the  most  severe  intrusion  is  probably 
blindfolding.  Others  include  flashing  bright  lights,  the  display  of 
objectionable  material,  or  critical  written  attacks.  Consequences  of 


-7- 


such  intrusions  include  sensory  deprivation,  mental  disorientation, 
especially  if  the  frequency  and  brightness  of  a  flashing  light  is  just 
right,  annoyance,  anger,  or  damage  to  reputation.  Some  of  these 
consequences  would  be  legally  actionable  under  existing  law  perhaps  even 
as  an  aggressive  act.  Under  some  circumstances  Intrusion  of  morally 
objectionable  material  before  the  eyes  might  be  considered  an  aspect  of 
privacy,  whereas  written  things  before  the  eyes  might  come  under 
defamation  law,  but  in  this  particular  instance  it  would  be  different 
for  a  public  official  and  perhaps  not  actionable. 

Another  of  the  sensory  spaces  would  be  the  aural  space  which  is  the 
totality  of  what  is  heard  by  the  ears.  Typical  intrusions  would  include 
loud  stereo  playing,  casual  conversation,  excessive  noise  levels  such  as 
in  a  factory,  the  general  background  clamor  of  a  city  or  factory, 
shouted  remarks  or  obscenities.  The  consequences  of  intrusion  of  aural 
privacy  would  range  from  none  through  annoyance  to  physical  damage  or 
pain  to  psychological  disturbance  or  anger.  Some  of  them  would  be 
legally  actionable  as  a  public  nuisance  or  as  noise  pollution;  others 
would  not  be  actionable,  whereas  some  would  fall  under  the  purview  of 
the  Occupational  Safety  and  Health  Administration. 

Intrusions  into  one's  physical  space  would  Include  standing  close, 
sitting  on  the  same  bench,  physical  pressure  in  a  crowd,  touching  and 
fondling,  or  the  ultimate  intrusion  of  bodily  seizure  or  confinement. 

The  consequences  would  range  from  annoyance,  to  physical  discomfort,  to 
psychological  malaise,  to  sexual  approach  or  mortification,  or  to  bodily 
harm.  Some  of  these  would  be  actionable  under  the  laws  of  assault, 
sexual  molestation,  perhaps  public  nuisance,  unlawful  seizure  or  false 


imprisonment.  Some  of  the  physical  intrusions  might  be  spoken  of  as 
privacy  invasion  under  some  circumstances,  e.g.,  when  another  individual 
sits  down  on  one's  parkbench;  many  will  come  under  other  categories. 
Finally,  with  respect  to  recordkeeping  space,  intrusions  would  include 
such  things  as  misuse  of  information,  improper  dissemination  of 
information,  or  collection  of  inappropriate  facts.  Consequences  would 
include  embarrassment,  denial  of  credit,  or  destruction  of  reputation, 
among  others.  Generally,  the  privacy  invasion  of  recordkeeping  space  is 
legally  actionable  vuider  various  federal  and  state  laws. 

While  these  examples  certainly  do  not  exhaust  all  possible 
dimensions  of  privacy  in  the  general  sense,  the  approach  does  seem  to 
circumvent  the  ethical  and  moral  hurdle  by  implicitly  involving  both  in 
the  process.  This  approach  also  seems  to  properly  include  the  role  of 
case  law,  but  let  us  develop  these  last  two  points  more  fully. 

In  the  suggested  construct,  namely  of  defining  invasion  of  privacy 
rather  than  privacy  itself,  the  first  step  would  be  to  conceptualize  or 
identify  a  space  of  concern.  The  second  step  is  to  identify  possible 
intrusions  into  the  space;  one  should  note  that  such  a  list  could  be 
amended  as  events  occurred  or  became  important  to  society.  The  third 
step  would  be  to  identify  the  consequences  of  such  intrusions;  here  the 
moral. and  ethical  views  of  society  can  be  properly  involved.  Next  one 
would  determine  what  "hurt"  or  "damage"  or  "injury"  is  for  each  of  the 
intrusions  or  consequences;  again  the  moral  and  ethical  views  of  society 
clearly  would  be  at  work.  Also  the  cumulative  effect  of  case  law  would 
establish  self-adapting  definitions  of  the  three  as  society  changes,  or 
as  moral  and  ethical  views  evolve.  The  final  step  is  then  the  question 


of  legal  actionability;  clearly  the  overall  judicial  process  and 
legislative  attention  would  be  folded  in. 

The  validity  of  such  a  "backend-to"  procedure  is  encapsulated  in 
the  following  series  of  points: 

o  Rather  than  conceive  a  very  broad  definition  of  privacy  that 
can  umbrella  all  the  many  variations  on  the  privacy  theme, 

o  It  concentrates  on  events  and  relates  them  to  societal  views, 
morals,  and  ethics  as  exemplified  through  the  legislative  and 
judicial  processes. 

o  It  is  a  phenomenological  approach  that  concentrates  on  events 
rather  than  causation  and  thus, 

o  It  tracks  and  reflects  usage  of  technology  rather  than  a  priori 
proscribing  acceptible  boundaries  for  it. 

o  It  can  accept  as  part  of  the  overall  framework  any  legal 
actions  that  are  appropriate  to  the  hurt,  e.g.,  recover 
damages,  penalize  the  perpetrator,  injunct  the  perpetrator. 

o  Furthermore  it  can  accommodate  expressions  of  concern  by 
society  in  behalf  of  individuals  as  well  as  individuals  in 
behalf  of  themselves,  or  even  society  in  behalf  of  its 
institutions  and  organizations. 

Finally,  the  proposed  construct  --or  taxonomy  for  privacy  --  might 
be  used  as  an  analytic  framework  for  perceiving  the  privacy  consequences 
of  some  new  use  of  technology,  or  for  identifying  areas  where 
legislative  attention  is  needed.  For  this  purpose  one  would  decide  what 
spaces  some  new  service  might  intrude,  imagine  the  Intrusions  and 


-10- 


consequent  hurts,  and  design  safeguajds  or  laws  to  protect  against  them. 
For  example,  a  new  service  such  as  delivering  many  forms  of  information 
over  the  cable-TV  network  might  invade  visual,  aural,  recordkeeping, 
psychological,  and  perhaps  other  spaces.  In  considering  the  privacy 
effect  of  some  new  technological  application,  one  would  have  to  stitch 
together  the  various  dimensions  of  privacy  invasion  that  the  technology 
might  impose,  and  perhaps  each  of  them  would  have  to  be  dealt  with 
separately  under  law,  judicial  action,  or  social  pressure  and  norms. 

Here  then  is  a  possible  way  to  consolidate  and  relate  the  many 
dimensions  of  privacy.  It  appears  sound  in  terms  of  the  examples  given, 
but  on  the  other  hand,  all  of  them  have  been  in  the  context  of  an 
individual.  There  may  need  to  be  a  somewhat  different  set  of  spaces  and 
intrusions  when  considering  all  of  society  or  organizations.  There  is 
no  pretense  that  the  task  of  producing  a  grand  construct  for  privacy  is 
completely  finished.  The  totality  of  all  intrusions  into  all  spaces 
could  be  catalyzed  under  appropriate  branches  of  law  or  under  various 
specific  categoric  laws.  From  a  philosophical  point  of  view,  one  must 
ask  about  the  various  dimensions  of  hurt  or  injury.  Should  it,  for 
example,  include  denial  of  right -of- act ion  wher  such  a  right  is 
presumed  to  be  one  of  personal  choice?  Should  it  include  negative 
impact,  mortification,  or  shame?  Existing  privacy  law  could  profitably 
be  examined  together  with  other  pertinent  law  to  see  whether  significant 
legislative  gaps  exist  and,  if  so,  whether  attention  is  needed.  If 
nothing  more,  the  point  of  view  offered  in  this  paper  is  at  least  a 
different  way  to  think  about  privacy. 


-11- 


Belatedly,  one  notes  that  in  the  proper  context  the  famous  words  of 
Justice  Brandeis  still  prevail:  "Privacy  .  .  .  the  right  to  be  left 
alone."  Now,  however,  "alone"  must  be  interpreted  to  mean  "alone  in  a 
physical  sense,"  or  "alone  in  a  visual  sense,"  or  "alone  in  an  aural 
sense,"  or  "alone  in  a  recordkeeping  sense,"  or  "alone  in  .  .  .  It 
would  appear  that  the  words  which  really  launched  societal  concern  about 
privacy  are  still  quite  valid  if  only  interpreted  to  mean:  alone  in  the 
broadest  sense.  Even  so,  however,  fuller  amplification  of  Justice 
Brandeis'  words  would  be  necessary.  What  does  "left  alone"  mean? 
Freedom,  or  perhaps  protection,  from  intrusions  other  than  those 
personally,  socially,  or  legislatively  sanctioned?  What  does  "broadest 
sense"  even  mean?  Perhaps  the  notion  of  a  space  --  which  is  a  concept 
borrowed  from  the  physical  sciences  --  together  with  an  easily  grasped 
idea  of  intrusions  into  a  space,  can  usefully  add  scope  and  fullness  to 
an  insightful  idea  expressed  many  decades  ago. 


